Apple and other tech firms have rallied together to criticize a GCHQ proposal which would enable the UK government to eavesdrop on encrypted chat services.
The iPhone maker, together with WhatsApp and 50 companies, civil society organizations and security experts, have signed an open letter calling on the GCHQ to abandon it so-called “ghost protocol” and instead focus its efforts on “protecting privacy rights, cybersecurity, public confidence and transparency”.
Technical director of the UK's national cyber security centre, Ian Levy and head of cryptanalysis at GCHQ Crispin Robinson first raised the proposal back in November of 2018. Together they suggested a technique that would require encrypted messaging services to share any encrypted messages sent with a third recipient in addition to those already in a chat.
- US and UK governments call for mandatory backdoors in encrypted chat
- Five Eyes nations want access to your encrypted communications data
- The war for encrypted data
Levy and Robinson made the case that their proposal was “no more intrusive than the virtual crocodile clips” already used today in wiretaps of non-encrypted communications.
GCHQ surveillance opposition
The open letter sent to the GCHQ in opposition to its plan argues that the proposal “requires two changes to systems that would seriously undermine user security and trust”.
Under the proposal, service providers would be forced to inject a new public key into a conversation that would turn a two-way conversation into a group chat with the government being an additional participant.
Additionally, the GCHQ's proposal would require messaging apps, service providers and operating systems to alter their software by changing the encryption schemes used. They would also be required to mislead their users by blocking the notifications that appear when a new user joins a chat.
The proposal may not call for back doors into encrypted messaging services but it would undermine user trust in security as a whole. Levy replied to the open letter in such a way as to suggest that the proposal could be scrapped following the backlash it has received, saying:
“We welcome this response to our request for thoughts on exceptional access to data - for example to stop terrorists. The hypothetical proposal was always intended as a starting point for discussion. We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible.”
- We've also highlighted the best VPN
Via The Guardian